Exact Feature Collisions in Neural Networks
- URL: http://arxiv.org/abs/2205.15763v1
- Date: Tue, 31 May 2022 13:01:00 GMT
- Title: Exact Feature Collisions in Neural Networks
- Authors: Utku Ozbulak, Manvel Gasparyan, Shodhan Rao, Wesley De Neve, Arnout
Van Messem
- Abstract summary: Recent research suggests that the same networks can be extremely insensitive to changes of large magnitude.
In such cases, features of two data points are said to approximately collide, thus leading to the largely similar predictions.
We propose the Null-space search, a numerical approach that does not rely on collides, to create data points with colliding features for any input.
- Score: 2.1069219768528473
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Predictions made by deep neural networks were shown to be highly sensitive to
small changes made in the input space where such maliciously crafted data
points containing small perturbations are being referred to as adversarial
examples. On the other hand, recent research suggests that the same networks
can also be extremely insensitive to changes of large magnitude, where
predictions of two largely different data points can be mapped to approximately
the same output. In such cases, features of two data points are said to
approximately collide, thus leading to the largely similar predictions. Our
results improve and extend the work of Li et al.(2019), laying out theoretical
grounds for the data points that have colluding features from the perspective
of weights of neural networks, revealing that neural networks not only suffer
from features that approximately collide but also suffer from features that
exactly collide. We identify the necessary conditions for the existence of such
scenarios, hereby investigating a large number of DNNs that have been used to
solve various computer vision problems. Furthermore, we propose the Null-space
search, a numerical approach that does not rely on heuristics, to create data
points with colliding features for any input and for any task, including, but
not limited to, classification, localization, and segmentation.
Related papers
- Evaluating the Robustness of Deep-Learning Algorithm-Selection Models by Evolving Adversarial Instances [0.16874375111244325]
Deep convolutional networks (DNN) are increasingly being used to perform algorithm-selection in neural domains.
adversarial samples are successfully generated from up to 56% of the original instances depending on the dataset.
We use an evolutionary algorithm (EA) to find perturbations of instances from two existing benchmarks for online bin packing that cause trained DRNs to misclassify.
arXiv Detail & Related papers (2024-06-24T12:48:44Z) - Improved Generalization of Weight Space Networks via Augmentations [56.571475005291035]
Learning in deep weight spaces (DWS) is an emerging research direction, with applications to 2D and 3D neural fields (INRs, NeRFs)
We empirically analyze the reasons for this overfitting and find that a key reason is the lack of diversity in DWS datasets.
To address this, we explore strategies for data augmentation in weight spaces and propose a MixUp method adapted for weight spaces.
arXiv Detail & Related papers (2024-02-06T15:34:44Z) - Deep Neural Networks Tend To Extrapolate Predictably [51.303814412294514]
neural network predictions tend to be unpredictable and overconfident when faced with out-of-distribution (OOD) inputs.
We observe that neural network predictions often tend towards a constant value as input data becomes increasingly OOD.
We show how one can leverage our insights in practice to enable risk-sensitive decision-making in the presence of OOD inputs.
arXiv Detail & Related papers (2023-10-02T03:25:32Z) - Memorization with neural nets: going beyond the worst case [5.662924503089369]
In practice, deep neural networks are often able to easily interpolate their training data.
For real-world data, however, one intuitively expects the presence of a benign structure so that already occurs at a smaller network size than suggested by memorization capacity.
We introduce a simple randomized algorithm that, given a fixed finite dataset with two classes, with high probability constructs an interpolating three-layer neural network in time.
arXiv Detail & Related papers (2023-09-30T10:06:05Z) - Multilayer Multiset Neuronal Networks -- MMNNs [55.2480439325792]
The present work describes multilayer multiset neuronal networks incorporating two or more layers of coincidence similarity neurons.
The work also explores the utilization of counter-prototype points, which are assigned to the image regions to be avoided.
arXiv Detail & Related papers (2023-08-28T12:55:13Z) - Unfolding Local Growth Rate Estimates for (Almost) Perfect Adversarial
Detection [22.99930028876662]
Convolutional neural networks (CNN) define the state-of-the-art solution on many perceptual tasks.
Current CNN approaches largely remain vulnerable against adversarial perturbations of the input that have been crafted specifically to fool the system.
We propose a simple and light-weight detector, which leverages recent findings on the relation between networks' local intrinsic dimensionality (LID) and adversarial attacks.
arXiv Detail & Related papers (2022-12-13T17:51:32Z) - FuNNscope: Visual microscope for interactively exploring the loss
landscape of fully connected neural networks [77.34726150561087]
We show how to explore high-dimensional landscape characteristics of neural networks.
We generalize observations on small neural networks to more complex systems.
An interactive dashboard opens up a number of possible application networks.
arXiv Detail & Related papers (2022-04-09T16:41:53Z) - Bias Loss for Mobile Neural Networks [14.08237958134373]
Compact convolutional neural networks (CNNs) have witnessed exceptional improvements in performance in recent years.
The diverse and even abundant features captured by the layers is an important characteristic of these successful CNNs.
In compact CNNs, due to the limited number of parameters, abundant features are unlikely to be obtained, and feature diversity becomes an essential characteristic.
arXiv Detail & Related papers (2021-07-23T12:37:56Z) - Bayesian Neural Networks [0.0]
We show how errors in prediction by neural networks can be obtained in principle, and provide the two favoured methods for characterising these errors.
We will also describe how both of these methods have substantial pitfalls when put into practice.
arXiv Detail & Related papers (2020-06-02T09:43:00Z) - Binary Neural Networks: A Survey [126.67799882857656]
The binary neural network serves as a promising technique for deploying deep models on resource-limited devices.
The binarization inevitably causes severe information loss, and even worse, its discontinuity brings difficulty to the optimization of the deep network.
We present a survey of these algorithms, mainly categorized into the native solutions directly conducting binarization, and the optimized ones using techniques like minimizing the quantization error, improving the network loss function, and reducing the gradient error.
arXiv Detail & Related papers (2020-03-31T16:47:20Z) - Hold me tight! Influence of discriminative features on deep network
boundaries [63.627760598441796]
We propose a new perspective that relates dataset features to the distance of samples to the decision boundary.
This enables us to carefully tweak the position of the training samples and measure the induced changes on the boundaries of CNNs trained on large-scale vision datasets.
arXiv Detail & Related papers (2020-02-15T09:29:36Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.